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-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). tn no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )S Responsive to communication(s) filed on 13 September 2004 . 
2a)E3 This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-25 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) £3 Claim(s) 7-25 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

£))□ The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 10 May 2001 is/are: a)^ accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing (s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121 (d). 

1 1) D The oath or declaration is objected to by the Examiner.. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 -D Certified copies of the priority documents have been received. 

2.Q Certified copies of the priority documents have been received in Application No. . 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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1 ) D Notice of References Cited (PTO-892) 4) D Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5) □ Notice of Informal Patent Application (PTO-152) 

Paper No(s)/Mail Date . 6) □ Other: . 
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DETAILED ACTION 

1. Claims 1-25 have been examined. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3. Claims 1, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21, 23 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Applicant's Admitted Prior Art (hereinafter AAPA) in view of Zubeldia 
et al. European Patent No. 0869637 (hereinafter Zubeldia) and further in view of Grimmer U.S. 
Pat. No. 5774552 (hereinafter Grimmer). 

4. As per claims 1, 5, 7, 9, 13, 15, 17, 21, and 23, AAPA discloses a method for authorizing 
access to controlled resources within a distributed data processing system, the method 
comprising: receiving an attribute certificate from a client at a host within the distributed data 
processing system (AAPA: page 3 lines 8-27); verifying the attribute certificate using the public 
key certificate of the issuing authority for the attribute certificate (AAPA: page 3 lines 8-27); and 
authorizing the client to have access to the controlled resources in accordance with authorization 
attributes stored in the attribute certificate (AAPA: page 3 lines 8-27). 
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AAPA does not explicitly disclose extracting a first locator from the attribute certificate, wherein 
the first locator identifies a location of a public key certificate of an issuing authority for the 
attribute certificate; retrieving the public key certificate of the issuing authority for the attribute 
certificate. However, Zubeldia discloses using certificate index to retrieve certificate information 
used for authentication from repository (Zubeldia: page 4 line33 - page 5 line 8). It would have 
been obvious to one having ordinary skill in the art to use the certificate index to retrieve 
information required for authenticating the digital certificate because digital certificates can be 
modified to result in different forms that meets different needs/purposes. Therefore, it would 
have been obvious to one having ordinary skill in the art to combine the teachings of Zubeldia 
within the system of AAPA because it allows more efficient and flexible digital certification by 
storing necessary information for authenticating the certificate in a central repository so that it is 
easy to change attributes in the certificate. 

AAPA as modified does not explicitly disclose the method of retrieving information/certificate 
and information/certificate stored in the repository that complies with X.509 standard. However, 
Grimmer discloses that limitation (Grimmer: column 4 lines 6-41 and column 5 line 54 - column 
8 lines 33: dynamic link library). It would have been to one having ordinary skill in the art to 
combine the teachings of Grimmer because it increases security by storing authentication 
certificate/information in a secure centralized repository. 

5. As per claim 3, 1 1, and 19, AAPA as modified discloses the method of claim 1. AAPA as 
modified further discloses wherein the attribute certificate and the public key certificate of the 
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issuing authority for the attribute certificate are formatted according to the X.509 standard 
(AAPA: page 3 lines 9-18). 

6. Claims 2 , 6, 8, 10, 14, 16, 18, 22, and 24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over AAPA in view of Zubeldia and further in view of Grimmer and further in view 
of Kent U.S. Pat. No. 6671804 (hereinafter Kent) and further in view of de Silva et al. U.S. Pat. 
No. 6615347 (hereinafter de Silva). 

7. As per claim 2, 6, 8, 10, 14, 16, 18, 22, and 24, AAPA as modified discloses the method 
of claim 1 and 5. AAPA as modified further discloses extracting user's certificate. AAPA as 
modified does not explicitly discloses the method comprising: extracting a second locator from 
the attribute certificate, wherein the second locator identifies a location of a public key certificate 
of a holder of the attribute certificate; retrieving the public key certificate of the holder of the 
attribute certificate; authenticating the holder using the public key certificate of the holder. 
However, Kent discloses the attribute certificate has a pointer that binds attribute certificate with 
the user's public key certificate (Kent: column 1 lines36-39). It would have been obvious to one 
having ordinary skill in the art to use the pointer to find the user's public key certificate in the 
repository because digital certificates can be modified to result in different forms that meets 
different needs/purposes. Therefore, it would have been obvious to one having ordinary skill in 
the art to combine the teachings of Kent within the combination of AAPA-Zubeldia-Grimmer 
because it is well known in the art. 
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AAPA as modified does not explicitly discloses there are two locators stored in the digital 
certificates. However, de Silva discloses storing plurality of related certificates in the extension 
field of a certificate (de Silva: figure 3 and column 5 lines 15-41 and column 6 line 56 - column 
7 line 5). It would have been obvious to one having ordinary skill in the art to use the extension 
field to include ED required to retrieve information for authentication. Therefore, it would have 
been obvious to one having ordinary skill in the art to combine the teachings of de Silva within 
the combination of AAPA-Zubeldia-Grimmer-Kent because it is well known in the art to 
associate plurality of related certificates to establish trust path if necessary. 

8. Claims 4, 12, and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
AAPA in view of Zubeldia and further in view of Grimmer and further in view of de Silva. 

9. As per claim 4, 12, and 20, AAPA as modified discloses the method of claim 1. 
However, AAPA as modified does not explicitly disclose wherein the first locator is stored 
within an X.509 extension within the attribute certificate. However, de Silva discloses the 
extension is used to store related certificates and serial numbers (de Silva: figure 2 and column 5 
lines 15-41 and column 6 line 56 - column 7 line 5). It would have been obvious to one having 
ordinary skill in the art to use the serial numbers stored in the extension to retrieve other 
certificates in repository. Therefore, it would have been obvious to one having ordinary skill in 
the art to combine the teachings of de Silva within the combination of AAPA-Zubeldia-Grimmer 
because it is well known in the art to store certificate information into the extension of a 
certificate including serial numbers. 
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10. Claim 25 is rejected under 35 U.S.C. 103(a) as being unpatentable over Farrell et al. "An 
Internet Attribute Certificate Profile for Authentication" (hereinafter Farrell) in view of de Silva 
and further in view of Zubeldia. 

11. As per claim 25, Farrell discloses a data structure representing an attribute certificate for 
use in a data processing system, the data structure comprising: 

an issuer name; a signature; a holder name; an attribute; and an extension (Farrell: page 8 section 
4.1). 

Farrell does not explicitly disclose wherein the extension comprises a locator identifying a 
location of a public key certificate of an issuing authority for the attribute certificate. However, 
de Silva discloses the extension discloses related certificate and serial number (de Silva: (de. 
Silva: figure 2 and column 5 lines 15-41 and column 6 line 56 - column 7 line 5). It would have 
been obvious to one having ordinary skill in the art to combine the teachings of de Silvia within 
the system of Farrell because it allows additional information relating to the certificate to be used 
for authentication. 

Farrell as modified does not explicitly disclose that issuing authority certificate can be obtained 
through locator. However, Zubeldia discloses issuing authority certificate can be obtained from a 
certification repository and the repository is accessed through unique ID. (Zubeldia: abstract: 
location of the additional information is indicated by the unique ED; page 3 lines 44-48: obtain a 
copy of certificate through certificate repository). It would have been obvious to one having 
ordinary skill in the art to obtain required information through the use of pointers or indicators 
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that retrieves the information in a directory or database. Therefore, it would have been obvious to 
one having ordinary skill to combine the teachings of Zubeldia within the combination of Farrell- 
de Silvia because using pointers or indicators to retrieve information in a database or directory is 
well known in the art. 



Response to Arguments 
12. Applicant's arguments filed on 9/13/04 have been fully considered but they are not 
persuasive. 

According to applicant's argument, applicant argues that the Zubeldia reference does not 
disclose the second and third limitation of the independent claim. However, Zubeldia is cited to 
disclose using certificate index (locator) to retrieve certification information and the Grimmer 
reference is cited to disclose the retrieving authentication certificate using attributes. Therefore, it 
would have been obvious to one having ordinary skill in the art to have a index/pointer that can 
be used to retrieve authentication certificates because digital certificates can be modified 
according to different needs/purposes. 

According to applicant's argument, applicant argues that the reference does not disclose 
the locator "identifies a location of a public key certificate of a holder of the attribute certificate". 
However, the examiner broadly interpret the locator as a index or pointer that allows a verifier to 
use the information to access a public secure repository to retrieve public key certificate. 
Therefore, applicant's argument is respectfully traversed. 



Conclusion 
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13. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shin-Hon Chen whose telephone number is (571) 272-3789. The 
examiner can normally be reached on Monday through Friday 8:30am to 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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